Governance, Risk, and Compliance: Clarification regarding the creation of custom questionnaire templates - Support and Troubleshooting

Governance, Risk, and Compliance: Clarification regarding the creation of custom questionnaire templates Issue A problem was discovered when Vendor Risk Managers were modifying custom questionnaire templates. These templates were created in the GRC: Vendor Risk Management scope, but when Vendor Risk Managers (with assessment admin role) make changes to them, the updates are automatically created in the Global scope, resulting in scope mismatches.

For example: metric type, metric categories, assessment metrics, and metric definitions are all created in the GRC: VRM scope.

In Global, a new category with metrics and definitions was created. Furthermore, when the template was assigned to a user through AINST, the newly added category/metrics were not visible to the end user. This is a problem because Vendor Risk Managers cannot change the scope of their application without the admin role.

Release Orlando Patch 7

Resolution Because of scope constraints, when an assessment is generated for the vendor, the metric category created on the global level is skipped and the respective Assessment Instance Questions are not displayed.

To avoid this issue, change the scope of the Metric Category - Privacy form global to VRM scope .

Go to the Metric Category -Privacy (Make sure you are VRM scope) Click on Insert and Stay Get the new Metric Category - Privacy on VRM scope Delete the global scope metric category Related Links Understanding Vendor Risk Management

Manage vendor risk assessments